July 16, 2020
FinCEN Alerts Financial Institutions to Convertible Virtual Currency Scam Involving Twitter
FinCEN is emphasizing a high-profile scam exploiting Twitter accounts to solicit fraudulent payments denominated in convertible virtual currency (CVC). Cyber threat actors compromised the accounts of public figures, organizations, and financial institutions to solicit payments to CVC accounts, claiming that any CVC sent to a wallet address would be doubled and returned to the sender.
If you receive one of these solicitations, do not send money or provide any personal or confidential information to these individuals without independent verification of authenticity. This may be an attempt to defraud you.
It is critical that CVC exchanges and other financial institutions identify and report suspicious transactions associated with this type of activity as quickly as possible. For example, a CVC or other financial account receives a high volume of payments in a short period of time from previously unaffiliated accounts and/or multiple originating CVC addresses.
For other financial red flag indicators of illicit CVC activity, please see: FinCEN Advisory on Illicit Activity Involving Convertible Virtual Currency.
Financial institutions should include any relevant technical cyber indicators related to cyber events and associated transactions within the available structured cyber event indicator fields on the Suspicious Activity Report (SAR) form.
Any data or information that helps identify the activity as suspicious can be included as an indicator. Examples include chat logs, suspicious IP addresses, suspicious email addresses, suspicious filenames, malware hashes, CVC addresses, command and control (C2) IP addresses, C2 domains, targeted systems, MAC address or port numbers.
For additional information on reporting cyber events, including on how to file SARs, please see: FinCEN Cyber Event FAQs.
FinCEN is working closely with law enforcement agencies to identify the source of these scams and disrupt them. If you have immediate information to share with law enforcement, please contact the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3): https://www.ic3.gov/default.aspx
FinCEN has identified the following indicators to help detect, prevent, and report potential suspicious activity related to this scam:
Promises of high or guaranteed investment or donation returns for payments made to accounts with which you have no prior business relationship.
Communications, including social media posts, soliciting payments with misspellings or messages out of profile for the counterparty, soliciting payments from individuals or organizations with whom you have no prior existing business relationship, including celebrities or public figures.
Solicitations requesting donations via social media where the solicitor is not affiliated with a reputable organization.
Social media posts that solicit donations or advertise give-aways that appear from accounts that are not “verified” through the social media platform account verification processes or that misspell the celebrity or financial institution’s name.
Multiple social media accounts communicating the same message soliciting funds for an unknown purpose or to an unknown account.
Communications, including social media posts, that provide the same CVC address across multiple celebrity or prominent financial institution social media accounts.
FinCEN requests that financial institutions reference this alert by including the key term “FIN-2020- Alert001” in SAR field 2 (Filing Institution Note to FinCEN) and the narrative to indicate a connection between the suspicious activity being reported and the activities highlighted in this alert.
The mission of the Financial Crimes Enforcement Network is to safeguard the financial system from illicit use, combat money laundering and its related crimes including terrorism, and promote national security through the strategic use of financial authorities and the collection, analysis, and dissemination of financial intelligence.